SC Magazine Autralia summarized Ed Skoudis’s and Joannes Ullrich’s RSA presentation on the six most dangerous IT Security threats of 2011 and what to expect in the year ahead. They are:

DNS as command-and-control

SSL slapped down

Mobile malware as a network infection vector

Hacktivism is back

SCADA at home

Cloud Security

Additional trends:

IPv6

Oldies

Social Networking

Malware

DNSSEC

The reference to the Malware item above is that blacklisting is a losing proposition and organizations need to move to whitelisting. IMHO, this especially true for establishing positive network control at the application level.

Despite efforts to curb file-sharing, it’s booming. New file-sharing apps have been developed that are harder for enterprises to control.

The file-sharing landscape is slowly adjusting in response to the continued push for more anti-piracy tools, the final Pirate Bay verdict, and the raids and arrests in the Megaupload case. Faced with uncertainty and drastic changes at file-sharing sites, many users are searching for secure, private and uncensored file-sharing clients. Despite the image its name suggests, RetroShare is one such future-proof client.

If your Next Generation Firewall uses a Positive Control Model and monitors all 65,535 ports all the time you do not have to worry about these new file-sharing products because they will be blocked as unknown applications. Of course, before you go into production, you must investigate all of the unknown apps to assure that all business-required apps are identified, defined, and allowed by policy.

Modern malware has transformed into highly sophisticated network applications and has, in the process, changed the world of enterprise security and how networks are attacked. These threats are experts at remaining hidden from traditional security while exhibiting an intelligence, resiliency, and scale that has never before been seen in malware.

“Modern Malware for Dummies,” by Lawrence C. Miller, provides an in-depth examination of real-world attacks and modern malware threats, the shortcomings of legacy security solutions, the capabilities of next-generation firewalls, and security best practices.

If you would like a copy of this book, please fill out the form on the right side of this page.